Distributed denial-of-service attack
== Definitions ==

A distributed denial-of-service attack (DDoS)

== Overview ==

"DDoS attack vectors can fall into one of three categories:
# '''Volumetric Attacks:''' These attacks attempt to consume the bandwidth either within the target network or service, or between the target network or service and the rest of the Internet. These attacks are simply about causing congestion.
# '''TCP State-Exhaustion Attacks:''' These attacks attempt to consume the connection state tables that are present in many infrastructure components, such as load balancers, firewalls, and the application servers themselves. They can take down even high-capacity devices capable of maintaining state on millions of connections.
# '''Application-Layer Attacks:''' These target some aspect of an application or service at the Application Layer. They are the most sophisticated, stealthy attacks because they can be very effective with as few as one attacking machine generating a low traffic rate. This makes these attacks very difficult to proactively detect with traditional flow-based monitoring solutions. To effectively detect and mitigate this type of attack in real time, it is necessary to deploy an in-line or other packet-based component to your DDoS defense."<ref>Cybersecurity Risk Management and Best Practices (WG4): Final Report, at 408.</ref>

A DDoS attack occurs in two steps. First, the attacker takes over a large number of Internet host computers and installs a malware program on them that will allow the attacker, at any later time, to remotely control those host computers. Second, at a later time, the attacker's computer sends a command to the host computers to launch an attack against the target computer or network at the same time. DDoS attacks seek to render an organisation's website or other network services inaccessible by overwhelming them with an unusually large volume of traffic.
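The quoted categorization notes that low-rate attack traffic is hard to spot with flow-based monitoring. As an added illustration (not from this page or the cited report), the Python script below contrasts a per-source request threshold, the kind of check a flow-style monitor applies, with an aggregate per-window check, run over a constructed request log. The log, the IP addresses (documentation ranges) and the thresholds are all invented for the example.

```python
"""Added example: per-source vs. aggregate request-rate checks over a
constructed request log. Not code from the page or any cited report."""
from collections import Counter, defaultdict

WINDOW = 60  # seconds per analysis bucket


def make_log():
    """Constructed request log as (unix_second, source_ip); not real traffic."""
    log = []
    # Window 0 baseline: three legitimate clients, one request every 10 s.
    for ip in ("10.0.0.1", "10.0.0.2", "10.0.0.3"):
        log += [(t, ip) for t in range(0, 60, 10)]
    # Window 0 "low and slow": 200 sources, two requests each, staggered so
    # only a handful are active in any one second and none exceeds a
    # per-host limit, yet the window total is far above baseline.
    for i in range(1, 201):
        start = i % 30
        log += [(start, f"203.0.113.{i}"), (start + 30, f"203.0.113.{i}")]
    # Window 1: a single noisy host, two requests per second for 60 s.
    log += [(60 + t // 2, "198.51.100.7") for t in range(120)]
    return sorted(log)


def bucket(log, window=WINDOW):
    """Group requests: window index -> Counter(source_ip -> request count)."""
    buckets = defaultdict(Counter)
    for ts, ip in log:
        buckets[ts // window][ip] += 1
    return buckets


def per_source_offenders(log, limit, window=WINDOW):
    """Flow-style check: sources exceeding `limit` requests in any window."""
    return {ip for counts in bucket(log, window).values()
            for ip, n in counts.items() if n > limit}


def aggregate_alerts(log, baseline, factor, window=WINDOW):
    """Windows whose total request count exceeds factor * baseline.
    Returns {window_index: (total_requests, distinct_sources)}."""
    return {w: (sum(c.values()), len(c))
            for w, c in bucket(log, window).items()
            if sum(c.values()) > factor * baseline}


if __name__ == "__main__":
    log = make_log()
    print("per-source offenders:", per_source_offenders(log, limit=10))
    print("aggregate alerts:", aggregate_alerts(log, baseline=18, factor=3))
```

The per-source check flags only the single noisy host in window 1; the aggregate check also flags window 0, where 203 distinct sources each stayed under the per-host limit.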
Malware indirectly contributes to DDoS attacks by creating a renewable supply of compromised computers (bots) through which the flood attacks are launched. DDoS traffic may consist of relatively easily identified bogus packets, or properly formed and seemingly legitimate "requests for service." This flood of traffic is intended to exceed the capacity of either the network bandwidth or the computer resources of the targeted server, or both, thereby making the service unavailable to most or all of its legitimate users, or at least degrading performance for everyone.

Simple DDoS attacks use a distributed network of bots (called a botnet) to attack a particular target. The more complex DDoS attacks use multiple botnets to simultaneously attack the target. In traditional DDoS attacks, botnets are used to send massive amounts of queries and overwhelm a system. However, low and slow attacks, a recent trend noted by some security experts, occur over a longer period of time and use a small amount of bandwidth from thousands, if not millions, of compromised computers. Often the attacker coordinates the attack so that not all the bots attack the target at the same time, but rather on a rotating basis. The victim and the Internet service provider may not notice that their network traffic has increased, but over time it becomes a drain on their infrastructure and other resources.

"DOS attacks are illegal under Computer Fraud and Abuse Act."<ref>Cybersecurity: Selected Issues for the 115th Congress, at 3.</ref>

== Examples of DDoS Attacks ==

The first large DDoS attack, in February 2000, took down some of the Web's most popular websites for hours, including Yahoo!, CNN, eBay, Amazon.com, Buy.com, and E*Trade. The FBI eventually tracked down the perpetrator, 15-year-old "Mafiaboy," after he bragged about it to friends online.

DDoS attacks have been launched against governments for various purposes, including political or ideological ones.
For example, Swedish government websites were attacked in the summer of 2006 as a protest against the country's anti-piracy measures. More recent events in Estonia have raised an interesting discussion on what a cyberattack of this nature means for countries.

On February 7, 2007, a DDoS attack, emanating from sources in the Asia-Pacific region, was launched on nine of the 13 root servers that support the domain name system. It was unsuccessful. "In theory, a DDoS attack could temporarily take down the entire web by simultaneously targeting the 13 root servers on which all Internet traffic depends. In practice, this has not yet happened."<ref>Id. at 5.</ref>

== References ==

<references />

== See also ==

* Denial-of-service attack
* Distributed Denial of Service for Bitcoin
* Understanding Denial-of-Service Attacks

== External resource ==

* VeriSign Intelligence Operations Team, "Distributed Denial of Service (DDoS) Attacks: An Overview and an Analysis" (June 4, 2010) (full-text).

[[Category:Computer crime]]
[[Category:Internet]]
[[Category:Privacy]]
[[Category:Definition]]